Install docker

Please follow the instructions here to install docker-ce to your machine. If you run Ubuntu 18.04 you can use the docker.io package sudo apt-get install docker.io as it's recent enough to support swarm and iptables without modification.

Then, run usermod -aG docker $USER and logout/login.

Configure Firewall for Docker

In order to join the swarm, first ensure that your firewall rules allow access on the following ports. All swarm communications occur over a self-signed TLS certificate. Due to the way iptables and docker work you cannot use the INPUT chain to block access to apps running in a docker container as it's not a local destination but a FORWARD destination. By default when you map a port into a docker container it opens up to any host. To restrict access we need to add our rules in the DOCKER-USER chain reference.

TCP port 2376only to54.171.68.124 for secure Docker engine communication. This port is required for Docker Machine to work. Docker Machine is used to orchestrate Docker hosts. As this is a local service we use the INPUT chain.

In addition, the following ports must be opened for factomd to function which we add to the DOCKER-USER chain:

2222 to 54.171.68.124, which is the SSH port used by the ssh container

8088 to 54.171.68.124, the factomd API port

8090 to 0.0.0.0, the factomd Control panel

Keeping this open to the world is beneficial on testnet for debugging purposes

Configure and Run the Docker Engine

There are a number of ways to run dockerd and two effectively mutually
exclusive ways to configure dockerd. The ways to run dockerd are discussed
below, but it is also important to understand the two ways that it can be
configured.

Choose one of the following options for configuring dockerd

You can either use the /etc/docker/daemon.json file to specify dockerd
options, or you can specify options on the command line. Note that while these
methods can be used together, if the same option is specified in both
locations, dockerd will fail to start even if the options agree. For this
reason it is best to either specify all options on the command line or all
options in /etc/docker/daemon.json.

1. Using daemon.json (recommended)

You can configure the docker daemon using a default config file, located at
/etc/docker/daemon.json. Create this file if it does not exist.

As noted above, please make sure that you do not also specify any of these
options on the command line for dockerd. Please make sure to specify the
correct paths for "tlscert" and "tlskey". If you are using systemd to run
the docker.service you will need an additional host in your host list:
"fd://". See systemd below.

2. Options on the command line

For the same options as described above, you would use the following command
line options:

2. Using systemd

Run sudo systemctl edit docker.service. This creates an override directory at
/etc/systemd/system/docker.service.d/ and an override file called
override.conf. Alternatively, you can create this directory and file manually
and you can give the file a more descriptive name so long as it ends with
.conf.

Edit the override file to match this:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd

and make sure that you add "fd://" to the "hosts" array in
/etc/docker/daemon.json if you are using it for your config.

If you are not using /etc/docker/daemon.json use the following for your
service file override.

Join the Docker Swarm

As a reminder, joining as a worker means you have no ability to control containers on another node.

Once you have joined the network, you will be issued a control panel login by Flying_Viking or a Factom employee after messaging Flying Viking or one of the Factom engineers on discord. You should private message the following for each node:

From the Portainer UI

Once you have logged into the control panel, please ensure your node is selected in the top left dropdown menu.

Then, click containers > add container.

❗️ These instructions must be followed exactly, otherwise you risk being kicked from the authority set. ❗️

Name your container factomd.

Enter the image name factominc/factomd:v5.0.0-alpine

Mark additional ports 8088:8088, 8110:8110, 8090:8090.

Do not modify access control.

Either this command for the command: -broadcastnum=16 -network=CUSTOM -customnet=fct_community_test -startdelay=600 -faulttimeout=120 -config=/root/.factom/private/factomd.confor your own flags. But be careful!

Click "volumes", and map /root/.factom/m2 to factom_database, and /root/.factom/private to factom_keys.

Click "labels" and add a label name:name = value:factomd

Click "deploy the container"

You are done!

NOTE: The Swarm cluster is still experimental, so please pardon our dust! If you have an issues, please contact ian at factom dot com.